Linux_Foundation
LFCS · Question #419
LFCS Question #419: Real Exam Question with Answer & Explanation
The correct answer is D: packet byte offset. A Snort rule header defines the basic characteristics of a packet to be inspected, including action, protocol, source/destination IP, and port, but does not include a packet byte offset.
Submitted by yuriko_h · Apr 18, 2026 · Networking
Question
Which of the following is NOT included in a Snort rule header?
Options
- A. protocol
- B. action
- C. source IP address
- D. packet byte offset
- E. source port
Explanation
A Snort rule header defines the basic characteristics of a packet to be inspected, including action, protocol, source/destination IP, and port, but does not include a packet byte offset.
Common mistakes.
- A. The protocol (e.g., tcp, udp, icmp, ip) is a fundamental component of the Snort rule header.
- B. The action (e.g., alert, log, pass, drop) is the very first part of a Snort rule and defines what Snort should do when the rule matches.
- C. The source IP address is a required component in the rule header to specify the origin of the traffic.
- E. The source port is a required component in the rule header for TCP/UDP rules to specify the port from which the traffic originates.
Concept tested. Snort rule header components
Reference. https://www.snort.org/documents/snort-users-manual/snort_manual.pdf
Topics
#Snort #IDS #Rule Syntax #Network Security